file descriptor exceeds limit

Mike Hoskins (michoski) michoski at cisco.com
Fri Jun 19 20:18:22 UTC 2015


On 6/19/15, 4:07 PM, "bind-users-bounces at lists.isc.org on behalf of
/dev/rob0" <bind-users-bounces at lists.isc.org on behalf of rob0 at gmx.co.uk>
wrote:


>On Fri, Jun 19, 2015 at 02:55:23PM -0500, I wrote:
>> On Thu, Jun 18, 2015 at 11:11:16PM +0000,
>>    Mike Hoskins (michoski) wrote:
>snip
>> Note that connection tracking can be a problem upstream as well,
>> for the same reasons as described in the article.  I would still
>> turn off conntrack for UDP DNS upstream, unless you're using DNAT
>> (yuck.)
>
>Oh ... hahaha ... I missed the @cisco.com, so I don't suppose you're
>using Linux on your upstream routers. :)
>
>The same idea applies regardless of implementation, of course.


Quite alright...  In past lives yes, and perhaps even internally at times
(more often OpenBSD and pf)...though I won't admit that.  ;-D

Regardless, all input is welcome.  I'll check out the KB article.  I have
sat for hours with the network team making sure "their" gear isn't
touching "my" DNS packets in any perverted ways, but it's always good to
triple check.

Thanks!


